pschiffe / docker-pdns

Docker images for PowerDNS
MIT License

Recursor 4.9 with pod security context fails to write the config file. #139

Closed vipinjn24 closed 3 months ago

vipinjn24 commented 3 months ago

Recursor 4.9 with pod security context fails to write the config file.

Says permission denied.

vipinjn24 commented 3 months ago

Error: /docker-entrypoint.sh: line 21: can't create /etc/pdns/recursor.conf: Permission denied

Only when using versions like the ones below:

pschiffe/pdns-recursor:4.9-alpine
pschiffe/pdns-recursor:4.7-alpine

This works fine with the same config:

pschiffe/pdns-recursor:alpine

pschiffe commented 3 months ago

Can you show me the config you are using to create the container?

vipinjn24 commented 3 months ago

Here it is:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: powerdns-recursor
spec:
  selector:
    matchLabels:
      app: powerdns-recursor
  template:
    metadata:
      labels:
        app: powerdns-recursor
    spec:
      securityContext:
        runAsUser: 100
        runAsGroup: 101
        fsGroup: 101
        fsGroupChangePolicy: OnRootMismatch
      containers:
        - image: pschiffe/pdns-recursor:alpine
          name: powerdns-recursor-master
          ports:
            - name: udp
              protocol: UDP
              containerPort: 3053
            - name: tcp
              protocol: TCP
              containerPort: 3053
            - name: api
              protocol: TCP
              containerPort: 8082
          env:
            - name: PDNS_local_port
              value: '3053'
            - name: PDNS_webserver
              value: 'yes'
            - name: PDNS_webserver_address
              value: '0.0.0.0'
            - name: PDNS_webserver_password
              valueFrom:
                secretKeyRef:
                  name: powerdns-recursor-secret
                  key: wspass
            - name: PDNS_api_key
              valueFrom:
                secretKeyRef:
                  name: powerdns-recursor-secret
                  key: apikey
          readinessProbe:
            exec:
              command:
                - rec_control
                - ping
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 2
          livenessProbe:
            exec:
              command:
                - rec_control
                - ping
            initialDelaySeconds: 20
            periodSeconds: 5
            timeoutSeconds: 2

vipinjn24 commented 3 months ago

This one works fine, but when I add the specific version, the problem comes up.

pschiffe commented 3 months ago

I've updated the base images and created new tags. Support for running as non-root was added recently and wasn't tagged before.

Now, these images should work for you:

pschiffe/pdns-recursor:latest
pschiffe/pdns-recursor:alpine
pschiffe/pdns-recursor:5.0
pschiffe/pdns-recursor:5.0-alpine

Can you try?

vipinjn24 commented 3 months ago

This works fine, thanks.

A quick question: is this done for pdns also?

pschiffe commented 3 months ago

yep
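
The "Permission denied" in this thread comes down to whether uid 100 may create a file in /etc/pdns. The following is an added example, not part of the thread or of the docker-pdns project: it applies the POSIX owner/group/other check to the IDs from the pod's securityContext. The directory ownership values are constructed, and `can_create` and `report` are hypothetical helper names.

```shell
#!/bin/sh
# Decide whether a process may create a file in a directory, using the
# classic POSIX owner/group/other check (no ACLs; uid 0 is assumed to keep
# CAP_DAC_OVERRIDE).
# usage: can_create PROC_UID "PROC_GIDS" DIR_UID DIR_GID DIR_MODE
#   PROC_GIDS: space-separated primary and supplemental groups
#   DIR_MODE:  octal permission bits as printed by `stat -c %a`, e.g. 755
can_create() {
    proc_uid=$1 proc_gids=$2 dir_uid=$3 dir_gid=$4
    mode=$((0$5))                        # leading 0 makes the shell read octal
    if [ "$proc_uid" -eq 0 ]; then return 0; fi
    if [ "$proc_uid" -eq "$dir_uid" ]; then
        class=$(( (mode >> 6) & 7 ))     # owner bits apply, nothing else
    else
        class=$(( mode & 7 ))            # "other" bits unless a group matches
        for g in $proc_gids; do
            if [ "$g" -eq "$dir_gid" ]; then
                class=$(( (mode >> 3) & 7 ))
                break
            fi
        done
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( class & 3 )) -eq 3 ]
}

# Pod from the thread: runAsUser 100, runAsGroup 101, fsGroup 101.
# fsGroup is added to the process as a supplemental group; the ownership
# change it triggers applies to mounted volumes, not to paths in the image.
POD_UID=100
POD_GIDS="101 101"

report() {  # report LABEL DIR_UID DIR_GID DIR_MODE
    if can_create "$POD_UID" "$POD_GIDS" "$2" "$3" "$4"; then
        echo "$1: uid $POD_UID can create recursor.conf"
    else
        echo "$1: Permission denied for uid $POD_UID"
    fi
}

# Constructed ownership values for /etc/pdns (format: uid gid mode).
report "root:root 755" 0 0 755
report "root:101 775"  0 101 775
report "100:101 755"   100 101 755
```

To compare against a real image, replace the constructed values with the output of `stat -c '%u %g %a' /etc/pdns` taken inside the container.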